Hurricane Sandy tested the capabilities of contingency planning along the east coast and prompted the SEC’s National Exam Program (NEP) to review the BCPs of about 40 advisers. The NEP wanted to see how Hurricane Sandy impacted the processing of securities transactions (order taking, order entry, execution, allocation, clearance and settlement) as well as delivery of funds and securities, client relations, financial and regulatory obligations and technology.
They found that insufficiently comprehensive BCPs and those that do not provide for mobile or remote access by employees are often ineffective. BCPs that concentrate technology, facilities and operations in one geographic region were vulnerable to local and regional disruptions. BCPs that do not maintain information about suppliers and vendors including contact information were less effective in dealing with business disruptions. And do-it-yourself systems maintenance is seldom effective.
The NEP also confirmed that BCPs that have been created as a result of collaboration between compliance and all business lines and operations units tend to be more effective and those BCPs that provide employees with the ability to work remotely can be more effective than those that do not. BCPs should include an inventory of critical vendors (ranked according to risk) and questions should be asked of vendors with regards to their contingency plans. BCPs should provide for proactive initiation of backup or alternative sites and facilities and should consider locating backup or additional facilities on a different power grid or in another geographic location. And redundant or mobile connectivity to the internet is an important consideration.
The core message of the Risk Alert and the Joint Publication issued by the SEC, the Commodity Futures Trading Commission (CFTC) and the Financial Industry Regulatory Authority (FINRA) is that BCPs should be the result of careful and comprehensive planning, thorough preparation, strategic redundancy and geographic diversity applied to critical supply chain providers, good internal and external communications and testing.
If you have any questions about this article or want to make certain your business continuity plan is up to the challenge, please call Red Oak Compliance today. We are here to help.
About Red Oak Compliance Solutions
Red Oak Compliance Solutions is a leading provider of intelligent compliance software, offering a range of AI-powered solutions designed to help firms of all sizes successfully navigate the increasingly complex regulatory landscape. Our suite of 17(a)-4/WORM compliant features offer risk minimization, cost reduction, and process optimization capabilities with features that are designed to evolve with our client’s needs. Our flagship advertising review software enables firms to deliver compliant content to the market with confidence, faster. Our Disclosure Management and Intelligence solution simplifies the management of disclosures, while our Registration Management solution automates and streamlines the licensing and registration process, further enhancing your internal processes.